CVE-2019-11268: UAA SQL Identity Zone Vulnerability
First published: Thu Jul 11 2019(Updated: )
Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones.
Credit: security@pivotal.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pivotal Software Cloud Foundry Uaa-release | <73.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-11268?
CVE-2019-11268 is a vulnerability in Cloud Foundry UAA versions prior to 73.3.0 that allows an authenticated malicious user to obtain private information on users, clients, and groups.
How severe is CVE-2019-11268?
CVE-2019-11268 has a severity rating of 4.3, which is considered medium.
How does CVE-2019-11268 affect Cloud Foundry UAA?
CVE-2019-11268 allows an authenticated malicious user with basic read privileges for one identity zone to extend those privileges to all other identity zones and access private information.
What is the affected software version of CVE-2019-11268?
Cloud Foundry UAA versions prior to 73.3.0 are affected by CVE-2019-11268.
How can I fix CVE-2019-11268?
To fix CVE-2019-11268, update Cloud Foundry UAA to version 73.3.0 or newer.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/pivotal software
- canonical/pivotal software cloud foundry uaa-release